The output is the entire 256-byte hash converted into base66, with each digit represented by a simple syllable of a consonant and a wovel, or a single wovel.

An example would be: ipakozubikusabobisatuosimaaremerukunehirubukiesoadiegiranooanibeizomunidoko

This string is intended as a base the user should truncate, capitalize and augment with non-alphanumeric and numeric characters (to appease password safety checking rules) according to personal taste.

The entropy is provided by the secret, which is an arbitrarily long string entered by the user that is saved into the phone keychain - when used correctly, there should be no issues with the size of the password space. Based on the cryptographic safety of the SHA-256 algorithm used as the hashing function in the pbkdf2 slow hash, any substring should represent an actual password space of 66 to the power of the number of its syllables.

The user is encouraged to also change the default hash salt, which makes a rainbow table attack unfeasible, and using a slow hash ensures that the password generator itself is at least as strong a link as any other in the authentication chain.